[tor-relays] Is OVH a safe vps provider to run an exit relay on?
Keifer Bly
keifer.bly at gmail.com
Fri Apr 2 02:15:36 UTC 2021
Would running a bridge on ovh be ok? Thanks.
--Keifer
On Thu, Apr 1, 2021 at 1:29 AM William Kane <ttallink at googlemail.com> wrote:
> Hi,
>
> no, OVH is the second most commonly used hosting provider, another
> relay hosted there would hurt the network more than it would help:
>
> https://metrics.torproject.org/bubbles.html#as
>
> We need to make the network as diverse as possible, in order to make
> it as hard as possible for law enforcement and other bad actors to
> de-anonymize tor circuits.
>
> If you really want to help us out, here's what I advise you to do:
>
> - Rent a dedicated machine, with a new-ish CPU (supporting VT-x and
> AES-NI, and good single thread performance since tor is mostly
> single-threaded).
> - Get your own subnet, it doesn't have to be huge, but make sure you
> are allowed to change the abuse-mailbox field to an e-mail you own, so
> your host doesn't get flooded with automated and mostly useless abuse
> reports and terminates your service in response.
> - Make use of QEMU/KVM and create one virtualized instance for each
> set of two relays (maximum amount of relays sharing the same public
> address is 2).
> - Make use of the CPU-pinning feature offered by libvirt, and the
> isolcpus kernel argument to isolate all but two cores from the
> kernel's scheduler, and pin two cores to each VM.
> - Disable all CPU mitigations (mitigations=off on the kernel command
> line) to increase performance, since you are only installing signed
> packages anyway, there is no untrusted code running on the system,
> which means there is no need for any mitigations to be active.
> - Make sure you have an unmetered traffic plan and at the very least
> 1, but best case 2 1Gbit/s uplinks.
>
> With a somewhat modern CPU supporting hardware AES acceleration, this
> should get you 150 to 200 Mbps per tor instance, at least that's my
> experience when I ran the setup described above around 4 years ago.
>
> On a last note, whatever you decide to do, please don't settle for
> some overused host just because it's easier or cheaper - you might as
> well not host a relay at all, then.
>
> Look for a host, get it's AS ID, then input it here:
> https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
>
> Example:
>
> https://metrics.torproject.org/rs.html#search/as:AS197019
>
> If this was a bit too much, I apologize - I will gladly answer any
> questions you have.
>
> - William
>
> On 30/03/2021, Keifer Bly <keifer.bly at gmail.com> wrote:
> > Hi,
> >
> >
> >
> > I am wondering if OVH is a safe VPS provider to run an exit relay on?
> Thank
> > you.
> >
> >
> >
> > --Keifer
> >
> >
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20210401/5475b550/attachment-0001.htm>
More information about the tor-relays
mailing list